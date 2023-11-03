Cybersecurity researchers have discovered a concerning development in the world of instant messaging apps. Several modified versions of WhatsApp for Android have been found to contain a stealthy spyware module called CanesSpy. Unlike the original version of the app, these malicious versions are distributed through dubious websites and Telegram channels catered mainly to Arabic and Azerbaijani speakers.

Once installed on a device, CanesSpy remains dormant until the phone is switched on or plugged in for charging. It then establishes communication with a command-and-control server, sending sensitive information about the compromised device, such as the IMEI, phone number, mobile country code, and mobile network code. Additionally, CanesSpy transmits the victim’s contacts and account details every five minutes, as well as awaits further instructions from the command-and-control server every minute.

What sets this spyware apart is its use of Arabic in all the messages sent to the command-and-control server, hinting at an Arabic-speaking developer behind the operation. The campaign has been active since mid-August 2023, targeted primarily at users in Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt.

This discovery highlights the ongoing problem of modified messaging apps being exploited to distribute malware. WhatsApp mods, including CanesSpy, are primarily distributed through third-party Android app stores, which often lack stringent security measures. These unverified platforms, as well as popular Telegram channels, can unknowingly expose users to dangerous threats.

It is crucial for users to exercise caution when downloading apps from unofficial sources and to stick to reputable app stores, such as Google Play Store. Additionally, enabling security features like app verification and regularly updating your mobile operating system can help protect against such malicious attacks.

FAQ

Q: What is CanesSpy?

A: CanesSpy is a spyware module found in modified versions of WhatsApp for Android. It allows unauthorized access to a user’s device and transmits sensitive information to a command-and-control server.

Q: How are these malicious WhatsApp mods distributed?

A: These modified versions of WhatsApp are mainly distributed through sketchy websites and Telegram channels that target Arabic and Azerbaijani speakers.

Q: What countries are primarily targeted this spyware campaign?

A: CanesSpy campaign primarily targets users in Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt.

Q: How can users protect themselves from such threats?

A: Users should only download apps from reputable sources, such as the official app stores. Enabling security features like app verification and keeping the mobile operating system up to date is also essential for protection.